According to the latest reports, crypto exchange Bybit suffered a major hack, and over $1.46 billion in Ethereum was withdrawn from its hot wallets.
This could potentially be the biggest security breach in crypto history.
SponsoredBybit Hack: Everything We Know So Far
On-chain data shows that a staggering 401,346 ETH (valued at $1.13 billion) was reportedly transferred from Bybit’s hot wallet to an unknown wallet address. The amount is now being liquidated, which also immediately impacted Ethereum’s market price.
This large transfer immediately sparked concerns that Bybit had suffered a breach, especially considering the significant value of the assets involved.
Sponsored SponsoredBybit CEO Ben Zhou confirmed the reports on social media.
“Hacker took control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure. All withdraws are normal,” Zhou wrote on X (formerly Twitter).
According to his statement, Bybit’s Ethereum cold wallet was hacked because the attackers tricked their security system. The wallet signers (authorized people) saw a fake user interface that showed the correct address, making them believe they were approving a normal transfer.
However, in reality, they were unknowingly signing a change to the smart contract logic, which gave the hacker control over the wallet. As a result, all the ETH in that cold wallet was transferred to an unknown address.
“The biggest hack ever by far. Very similar to the WazirX $235 million access control attack,” Deddy Lavid, CEO of blockchain security firm Cyvers, told BeInCrypto.
Meanwhile, the hack immediately impacted Ethereum’s market price. As large volumes of the stolen ETH were liquidated, the altcoin fell over 4% in a straight line.
Sponsored
According to Arkham data, nearly $200 million worth of Lido Staked Ether (stETH) were sold within the first 30 minutes. Security experts have told BeInCrypto that this attack was almost identical to last year’s WazirX and Radiant Capital hack.
“Two minutes before the outflow transactions, the hacker re-implemented their Safe multisig wallet to delegate calls to the hacker’s malicious contract. This was likely caused by blind signing while attempting to execute a legitimate transaction. From that moment, the hackers had full control over the wallet and no longer needed additional signatures. This attack is very similar to those on WazirX and Radiant Capital,” Meir Dolev, Co-Founder and CTO of Cyvers, told BeInCrypto.
It appears that Bybit fell victim to the same malicious techniques that caused the biggest hacks of 2024.
This is an ongoing story. More information will be provided as the investigation unfolds.
